summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
blob: bcf65e6eb6dd41a944c0ea609687b36df17b4615 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
<samba:parameter name="map untrusted to domain"
                 context="G"
		 type="boolean"
		 advanced="1"
		 developer="1"
		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
    <para>
    If a client connects to smbd using an untrusted domain name, such as
    BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
    attempting to authenticate that user.  In the case where smbd is acting as
    a PDC this will be DOMAIN\user.  In the case where smbd is acting as a
    domain member server or a standalone server this will be WORKSTATION\user.
    </para>

    <para>
    In previous versions of Samba (pre 3.4), if smbd was acting as a domain
    member server, the BOGUS domain name would instead be replaced by the
    primary domain which smbd was a member of.  In this case authentication
    would be deferred off to a DC using the credentials DOMAIN\user.
    </para>

    <para>
    When this parameter is set to <constant>yes</constant> smbd provides the
    legacy behavior of mapping untrusted domain names to the primary domain.
    When smbd is not acting as a domain member server, this parameter has no
    effect.
    </para>

</description>

<value type="default">no</value>
</samba:parameter>